Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Dell SmartFabric OS10 User Guide Release 10.5.3

PDF

Telemetry client authentication using TLS

To configure telemetry client authentication using TLS:
  1. Set up a streaming telemetry collector.
  2. Configure the host and CA certificate on the OS10 switch.
  3. Configure telemetry (see Configure telemetry).

Set up a streaming telemetry collector

  1. In the /etc/hosts file, add the collector hostname (for example, securesrc).
  2. Perform the following steps to generate an RSA private key:
    1. Generate a valid CA key and certificate.
      openssl genrsa -passout pass:1234 -des3 -out ca.key 4096
      	
      openssl req -passin pass:1234 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=SP/ST=Spain/L=Valdepenias/O=Test/OU=Test/CN=Root CA"
      
    2. Generate a valid server key and certificate request.
      openssl genrsa -passout pass:1234 -des3 -out server.key 4096
      
      openssl req -passin pass:1234 -new -key server.key -out server.csr -subj "/C=SP/ST=Spain/L=Valdepenias/O=Test/OU=Server/CN=securesrc"
      
      openssl x509 -req -passin pass:1234 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
    3. Remove passphrase from the server key.
      openssl rsa -passin pass:1234 -in server.key -out server.key
    4. Generate a valid client key and certificate request.
      openssl genrsa -passout pass:1234 -des3 -out client.key 4096
      
      openssl req -passin pass:1234 -new -key client.key -out client.csr -subj "/C=SP/ST=Spain/L=Valdepenias/O=Test/OU=Client/CN=localhost"
      
      openssl x509 -passin pass:1234 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
    5. Remove passphrase from the client key.
      openssl rsa -passin pass:1234 -in client.key -out client.key
      NOTE: The collector hostname (securesrc) is added to the server key.
    6. Rename the file client.crt to os10host.crt, and client.key to os10host.key. Then, copy the ca.crt, os10host.crt and os10host.key files to the OS10 switch.
    7. Start the streaming telemetry collector in TLS mode.

Configure the host and CA certificate on the OS10 switch

  1. Create an IP host entry for the collector IP on the switch. The hostname must be same as given in the streaming telemetry collector.
    OS10(config)# ip host securesrc collector_ip
  2. Configure CA certificate in the switch. Copy the ca.crt file from the collector machine to the /home/admin path.
    OS10# crypto ca-cert install home://ca.crt
    OS10#crypto cert install cert-file home://os10host.crt key-file home://os10host.key
  3. Once the CA certificate is installed, configure telemetry as explained in the Configure telemetry section.
    NOTE: For destination, do not specify IP, instead specify the hostname.
    OS10(conf-telemetry)# show configuration
    !
    telemetry
    enable
     !
     destination-group dg01
      destination securesrc 50000
     !
     subscription-profile sp01
      sensor-group bgp
      sensor-group interface
      destination-group dg01
      encoding gpb
      transport grpc
      source-interface ethernet1/1/1
    OS10(conf-telemetry)#

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\